aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Banka <michal.banka@nokia.com>2020-03-17 16:46:56 +0100
committerMichal Banka <michal.banka@nokia.com>2020-03-18 11:30:45 +0100
commit8252e258b55d09a389a37d9880b97f16fd4d9275 (patch)
tree3cf2856ce20c3b4278e552090ba88584a6a4dfa7
parentc85a8965e876fde2089582a6468eb02ce18bafd5 (diff)
Remove CSRMeta class dependency
Signed-off-by: Michal Banka <michal.banka@nokia.com> Change-Id: If3458612629dd84f95bf9ba1e0778e65696bb13d Issue-ID: AAF-1107
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java13
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java90
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java4
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java103
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java208
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java63
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java12
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilderTest.java99
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java118
9 files changed, 137 insertions, 573 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index c9e61b02..2477c421 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -29,6 +29,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.stream.Collectors;
+
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
@@ -54,17 +55,15 @@ public class Cmpv2ClientAdapter {
private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
private final CmpClient cmpClient;
- private final CsrMetaBuilder csrMetaBuilder;
private final RsaContentSignerBuilder rsaContentSignerBuilder;
private final X509CertificateBuilder x509CertificateBuilder;
private final CertificateFactoryProvider certificateFactoryProvider;
@Autowired
- public Cmpv2ClientAdapter(CmpClient cmpClient, CsrMetaBuilder csrMetaBuilder,
- RsaContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder,
+ public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder,
+ X509CertificateBuilder x509CertificateBuilder,
CertificateFactoryProvider certificateFactoryProvider) {
this.cmpClient = cmpClient;
- this.csrMetaBuilder = csrMetaBuilder;
this.rsaContentSignerBuilder = rsaContentSignerBuilder;
this.x509CertificateBuilder = x509CertificateBuilder;
this.certificateFactoryProvider = certificateFactoryProvider;
@@ -82,7 +81,7 @@ public class Cmpv2ClientAdapter {
public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
throws CmpClientException, Cmpv2ClientAdapterException {
List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
- server.getCaMode().getProfile(), csrMetaBuilder.build(csrModel, server),
+ server.getCaMode().getProfile(), csrModel, server,
convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
convertFromX509CertificateListToPemList(certificates.get(1)));
@@ -106,7 +105,7 @@ public class Cmpv2ClientAdapter {
ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
X509CertificateHolder holder = certificateGenerator.build(signer);
return certificateFactoryProvider
- .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
+ .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
} catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
throw new Cmpv2ClientAdapterException(e);
}
@@ -114,7 +113,7 @@ public class Cmpv2ClientAdapter {
private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
- .collect(Collectors.toList());
+ .collect(Collectors.toList());
}
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
deleted file mode 100644
index cf35efa1..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.security.KeyPair;
-import java.util.Arrays;
-import java.util.Optional;
-import java.util.stream.Collectors;
-
-import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x500.style.IETFUtils;
-import org.bouncycastle.cert.CertException;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
-import org.onap.aaf.certservice.cmpv2client.external.Rdn;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-@Component
-class CsrMetaBuilder {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(CsrMetaBuilder.class);
-
- /**
- * Creates CSRMeta from CsrModel and Cmpv2Server
- *
- * @param csrModel Certificate Signing Request from Service external API
- * @param server Cmp Server configuration from cmpServers.json
- * @return AAF native model for CSR metadata
- */
- CsrMeta build(CsrModel csrModel, Cmpv2Server server) {
- CsrMeta csrMeta = createCsrMeta(csrModel);
- addSans(csrModel, csrMeta);
- csrMeta.setKeyPair(new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey()));
- csrMeta.setPassword(server.getAuthentication().getIak());
- csrMeta.setIssuerName(server.getIssuerDN());
- csrMeta.setCaUrl(server.getUrl());
- csrMeta.setName(csrModel.getSubjectData());
- csrMeta.setSenderKid(server.getAuthentication().getRv());
- return csrMeta;
- }
-
- private CsrMeta createCsrMeta(CsrModel csrModel) {
- return new CsrMeta((Arrays.stream(csrModel.getSubjectData().getRDNs()).map(this::convertFromBcRdn)
- .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList())));
- }
-
- private void addSans(CsrModel csrModel, CsrMeta csrMeta) {
- csrModel.getSans().forEach(csrMeta::addSan);
- }
-
- private Optional<Rdn> convertFromBcRdn(org.bouncycastle.asn1.x500.RDN rdn) {
- Rdn result = null;
- try {
- result = convertRdn(rdn);
- } catch (CertException e) {
- LOGGER.error("Exception occurred during convert of RDN", e);
- }
- return Optional.ofNullable(result);
- }
-
- private Rdn convertRdn(org.bouncycastle.asn1.x500.RDN rdn) throws CertException {
- AttributeTypeAndValue rdnData = rdn.getFirst();
- String tag = BCStyle.INSTANCE.oidToDisplayName(rdnData.getType());
- String value = IETFUtils.valueToString(rdnData.getValue());
- return new Rdn(tag, value);
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
index a29658f4..d81da10a 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
@@ -55,8 +55,8 @@ public class CsrModel {
private final PublicKey publicKey;
private final List<String> sans;
- CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
- List<String> sans) {
+ public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
+ List<String> sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
index 8f9d20bd..7de3b712 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
@@ -24,8 +24,9 @@ import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
/**
* This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public
@@ -34,53 +35,57 @@ import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
*/
public interface CmpClient {
- /**
- * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
- * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
- * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
- * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
- *
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
- * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
- * @param notBefore An optional validity to set in the created certificate, Certificate not valid
- * before this date.
- * @param notAfter An optional validity to set in the created certificate, Certificate not valid
- * after this date.
- * @return {@link X509Certificate} The newly created Certificate.
- * @throws CmpClientException if client error occurs.
- */
- List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
- CsrMeta csrMeta,
- X509Certificate csr,
- Date notBefore,
- Date notAfter)
- throws CmpClientException;
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
+ * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
+ * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
+ * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the
+ * event CA Name. Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
+ * null}.
+ * @param csrModel Certificate Signing Request model. Must not be {@code null}.
+ * @param server CMPv2 Server. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @param notBefore An optional validity to set in the created certificate, Certificate not valid
+ * before this date.
+ * @param notAfter An optional validity to set in the created certificate, Certificate not valid
+ * after this date.
+ * @return {@link X509Certificate} The newly created Certificate.
+ * @throws CmpClientException if client error occurs.
+ */
+ List<List<X509Certificate>> createCertificate(
+ String caName,
+ String profile,
+ CsrModel csrModel,
+ Cmpv2Server server,
+ X509Certificate csr,
+ Date notBefore,
+ Date notAfter)
+ throws CmpClientException;
- /**
- * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
- * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
- * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
- * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
- *
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
- * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
- * @return {@link X509Certificate} The newly created Certificate.
- * @throws CmpClientException if client error occurs.
- */
- List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
- CsrMeta csrMeta,
- X509Certificate csr)
- throws CmpClientException;
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
+ * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
+ * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
+ * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the
+ * event CA Name. Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
+ * null}.
+ * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
+ * @param server CMPv2 server. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @return {@link X509Certificate} The newly created Certificate.
+ * @throws CmpClientException if client error occurs.
+ */
+ List<List<X509Certificate>> createCertificate(
+ String caName,
+ String profile,
+ CsrModel csrModel,
+ Cmpv2Server server,
+ X509Certificate csr)
+ throws CmpClientException;
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java
deleted file mode 100644
index 4c4e784c..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- *
- * Modifications Copyright (C) 2019 IBM.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-
-package org.onap.aaf.certservice.cmpv2client.external;
-
-import java.security.KeyPair;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x509.Certificate;
-
-public class CsrMeta {
-
- private String cn;
- private String mechID;
- private String environment;
- private String email;
- private String challenge;
- private String issuerCn;
- private String issuerEmail;
- private String password;
- private String caUrl;
- private List<Rdn> rdns;
- private ArrayList<String> sanList = new ArrayList<>();
- private KeyPair keyPair;
- private X500Name name;
- private X500Name issuerName;
- private Certificate certificate;
- private String senderKid;
-
- public CsrMeta(List<Rdn> rdns) {
- this.rdns = rdns;
- }
-
- public X500Name getX500Name() {
- if (name == null) {
- X500NameBuilder nameBuilder = new X500NameBuilder();
- nameBuilder.addRDN(BCStyle.CN, cn);
- nameBuilder.addRDN(BCStyle.E, email);
- if (mechID != null) {
- if (environment == null) {
- nameBuilder.addRDN(BCStyle.OU, mechID);
- } else {
- nameBuilder.addRDN(BCStyle.OU, mechID + ':' + environment);
- }
- }
- for (Rdn rdn : rdns) {
- nameBuilder.addRDN(rdn.getAoi(), rdn.getValue());
- }
- name = nameBuilder.build();
- }
- return name;
- }
-
- public X500Name getIssuerX500Name() {
- if (issuerName == null) {
- X500NameBuilder xnb = new X500NameBuilder();
- xnb.addRDN(BCStyle.CN, issuerCn);
- if (issuerEmail != null) {
- xnb.addRDN(BCStyle.E, issuerEmail);
- }
- issuerName = xnb.build();
- }
- return issuerName;
- }
-
- public void addSan(String san) {
- sanList.add(san);
- }
-
- public List<String> getSans() {
- return sanList;
- }
-
- public KeyPair getKeyPairOrGenerateIfNull() {
- if (keyPair == null) {
- keyPair = Factory.generateKeyPair();
- }
- return keyPair;
- }
-
- public KeyPair getKeyPair() {
- return keyPair;
- }
-
- public void setKeyPair(KeyPair keyPair) {
- this.keyPair = keyPair;
- }
-
- public String getCn() {
- return cn;
- }
-
- public void setCn(String cn) {
- this.cn = cn;
- }
-
- public void setEnvironment(String env) {
- environment = env;
- }
-
- public String getEnvironment() {
- return environment;
- }
-
- public String getMechID() {
- return mechID;
- }
-
- public void setMechID(String mechID) {
- this.mechID = mechID;
- }
-
- public String getEmail() {
- return email;
- }
-
- public void setEmail(String email) {
- this.email = email;
- }
-
- public String getChallenge() {
- return challenge;
- }
-
- public void setChallenge(String challenge) {
- this.challenge = challenge;
- }
-
- public void setPassword(String password) {
- this.password = password;
- }
-
- public String getPassword() {
- return password;
- }
-
- public void setCertificate(Certificate certificate) {
- this.certificate = certificate;
- }
-
- public Certificate getCertificate() {
- return certificate;
- }
-
- public void setIssuerCn(String issuerCn) {
- this.issuerCn = issuerCn;
- }
-
- public String getCaUrl() {
- return caUrl;
- }
-
- public void setCaUrl(String caUrl) {
- this.caUrl = caUrl;
- }
-
- public String getSenderKid() {
- return senderKid;
- }
-
- public void setSenderKid(String senderKid) {
- this.senderKid = senderKid;
- }
-
- public String getIssuerCn() {
- return issuerCn;
- }
-
- public String getIssuerEmail() {
- return issuerEmail;
- }
-
- public void setIssuerEmail(String issuerEmail) {
- this.issuerEmail = issuerEmail;
- }
-
- public void setIssuerName(X500Name issuerName) {
- this.issuerName = issuerName;
- }
-
- public void setName(X500Name name) {
- this.name = name;
- }
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 39a0877c..79656e91 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -20,6 +20,7 @@
package org.onap.aaf.certservice.cmpv2client.impl;
+import java.security.KeyPair;
import java.security.PublicKey;
import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError;
@@ -47,9 +48,10 @@ import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -73,36 +75,38 @@ public class CmpClientImpl implements CmpClient {
public List<List<X509Certificate>> createCertificate(
String caName,
String profile,
- CsrMeta csrMeta,
+ CsrModel csrModel,
+ Cmpv2Server server,
X509Certificate cert,
Date notBefore,
Date notAfter)
throws CmpClientException {
- // Validate inputs for Certificate Request
- validate(csrMeta, cert, caName, profile, httpClient, notBefore, notAfter);
+
+ validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+ KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
final CreateCertRequest certRequest =
CmpMessageBuilder.of(CreateCertRequest::new)
- .with(CreateCertRequest::setIssuerDn, csrMeta.getIssuerX500Name())
- .with(CreateCertRequest::setSubjectDn, csrMeta.getX500Name())
- .with(CreateCertRequest::setSansList, csrMeta.getSans())
- .with(CreateCertRequest::setSubjectKeyPair, csrMeta.getKeyPair())
+ .with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
+ .with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
+ .with(CreateCertRequest::setSansList, csrModel.getSans())
+ .with(CreateCertRequest::setSubjectKeyPair, keyPair)
.with(CreateCertRequest::setNotBefore, notBefore)
.with(CreateCertRequest::setNotAfter, notAfter)
- .with(CreateCertRequest::setInitAuthPassword, csrMeta.getPassword())
- .with(CreateCertRequest::setSenderKid, csrMeta.getSenderKid())
+ .with(CreateCertRequest::setInitAuthPassword, server.getAuthentication().getIak())
+ .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
.build();
final PKIMessage pkiMessage = certRequest.generateCertReq();
Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
- return retrieveCertificates(caName, csrMeta, pkiMessage, cmpv2HttpClient);
+ return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
}
@Override
public List<List<X509Certificate>> createCertificate(
- String caName, String profile, CsrMeta csrMeta, X509Certificate csr)
+ String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
throws CmpClientException {
- return createCertificate(caName, profile, csrMeta, csr, null, null);
+ return createCertificate(caName, profile, csrModel, server, csr, null, null);
}
private void checkCmpResponse(
@@ -191,14 +195,16 @@ public class CmpClientImpl implements CmpClient {
/**
* Validate inputs for Certificate Creation.
*
- * @param csrMeta CSRMeta Object containing variables for creating a Certificate Request.
+ * @param csrModel Certificate Signing Request model. Must not be {@code null}.
+ * @param server CMPv2 Server. Must not be {@code null}.
* @param cert Certificate object needed to validate response from CA server.
* @param incomingCaName Date specifying certificate is not valid before this date.
* @param incomingProfile Date specifying certificate is not valid after this date.
* @throws IllegalArgumentException if Before Date is set after the After Date.
*/
- private void validate(
- final CsrMeta csrMeta,
+ private static void validate(
+ final CsrModel csrModel,
+ final Cmpv2Server server,
final X509Certificate cert,
final String incomingCaName,
final String incomingProfile,
@@ -206,20 +212,19 @@ public class CmpClientImpl implements CmpClient {
final Date notBefore,
final Date notAfter) {
- String caName;
- String caProfile;
- caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
- caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+ String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
+ String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
LOG.info(
"Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
- CmpUtil.notNull(csrMeta, "CSRMeta Instance");
- CmpUtil.notNull(csrMeta.getX500Name(), "Subject DN");
- CmpUtil.notNull(csrMeta.getIssuerX500Name(), "Issuer DN");
- CmpUtil.notNull(csrMeta.getPassword(), "IAK/RV Password");
+ CmpUtil.notNull(csrModel, "CsrModel Instance");
+ CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
+ CmpUtil.notNull(csrModel.getPrivateKey(), "Subject private key");
+ CmpUtil.notNull(csrModel.getPublicKey(), "Subject public key");
+ CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
+ CmpUtil.notNull(server.getUrl(), "External CA URL");
+ CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
- CmpUtil.notNull(csrMeta.getCaUrl(), "External CA URL");
- CmpUtil.notNull(csrMeta.getKeyPairOrGenerateIfNull(), "Subject KeyPair");
CmpUtil.notNull(httpClient, "Closeable Http Client");
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
@@ -228,14 +233,14 @@ public class CmpClientImpl implements CmpClient {
}
private List<List<X509Certificate>> retrieveCertificates(
- String caName, CsrMeta csrMeta, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+ String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
throws CmpClientException {
- final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, csrMeta.getCaUrl(), caName);
+ final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
try {
final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
LOG.info("Received response from Server");
checkIfCmpResponseContainsError(respPkiMessage);
- checkCmpResponse(respPkiMessage, csrMeta.getKeyPairOrGenerateIfNull().getPublic(), csrMeta.getPassword());
+ checkCmpResponse(respPkiMessage, csrModel.getPublicKey(), server.getAuthentication().getIak());
return checkCmpCertRepMessage(respPkiMessage);
} catch (IllegalArgumentException iae) {
CmpClientException cmpClientException =
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
index 32fd2074..e18d1ffb 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
@@ -51,7 +51,6 @@ import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
@@ -83,10 +82,6 @@ class Cmpv2ClientAdapterTest {
private X509Certificate certificate;
@Mock
private CertificateFactoryProvider certificateFactoryProvider;
- @Mock
- private CsrMetaBuilder csrMetaBuilder;
- @Mock
- private CsrMeta csrMeta;
@InjectMocks
private Cmpv2ClientAdapter adapter;
@@ -102,7 +97,7 @@ class Cmpv2ClientAdapterTest {
stubInternalProperties();
// When
- Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
.thenThrow(new CmpClientException(TEST_MSG));
// Then
@@ -117,7 +112,7 @@ class Cmpv2ClientAdapterTest {
stubInternalProperties();
// When
- Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
.thenReturn(createCorrectClientResponse());
CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
@@ -144,7 +139,7 @@ class Cmpv2ClientAdapterTest {
stubInternalProperties();
// When
- Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
.thenReturn(createCorrectClientResponse());
Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any()))
.thenThrow(new CertificateException(TEST_MSG));
@@ -179,7 +174,6 @@ class Cmpv2ClientAdapterTest {
Mockito.when(holder.toASN1Structure()).thenReturn(asn1Certificate);
Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())).thenReturn(certificate);
Mockito.when(holder.toASN1Structure().getEncoded()).thenReturn("".getBytes());
- Mockito.when(csrMetaBuilder.build(csrModel, server)).thenReturn(csrMeta);
}
}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilderTest.java
deleted file mode 100644
index feb4bdba..00000000
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilderTest.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * AAF Certification Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.onap.aaf.certservice.certification.configuration.model.Authentication;
-import org.onap.aaf.certservice.certification.configuration.model.CaMode;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
-
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.util.Arrays;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-public class CsrMetaBuilderTest {
-
- private CsrMetaBuilder csrMetaBuilder;
-
- private static final String TEST_CA = "testCA";
- private static final X500Name TEST_SUBJECT_DATA = new X500Name("CN=testIssuer");
-
- @BeforeEach
- void setUp() {
- csrMetaBuilder = new CsrMetaBuilder();
- }
-
- @Test
- void shouldBuildCsrMetaWhenGivenCsrModelAndCmpv2ServerAreCorrect() {
- // Given
- CsrModel testCsrModel = mock(CsrModel.class);
- Cmpv2Server testServer = createTestServer();
-
- PKCS10CertificationRequest certificationRequest = mock(PKCS10CertificationRequest.class);
- when(testCsrModel.getCsr()).thenReturn(certificationRequest);
- PrivateKey mockPrivateKey = mock(PrivateKey.class);
- when(testCsrModel.getPrivateKey()).thenReturn(mockPrivateKey);
- PublicKey mockPublicKey = mock(PublicKey.class);
- when(testCsrModel.getPublicKey()).thenReturn(mockPublicKey);
- List<String> testSans = Arrays.asList("SAN01", "SAN02");
- when(testCsrModel.getSans()).thenReturn(testSans);
-
- when(testCsrModel.getSubjectData()).thenReturn(TEST_SUBJECT_DATA);
-
- // When
- CsrMeta createdCsrMeta = csrMetaBuilder.build(testCsrModel, testServer);
-
- // Then
- assertThat(createdCsrMeta.getPassword()).isEqualTo(testServer.getAuthentication().getIak());
- assertThat(createdCsrMeta.getSenderKid()).isEqualTo(testServer.getAuthentication().getRv());
- assertThat(createdCsrMeta.getCaUrl()).isEqualTo(testServer.getUrl());
- assertThat(createdCsrMeta.getSans()).containsAll(testSans);
- assertThat(createdCsrMeta.getKeyPair().getPrivate()).isEqualTo(mockPrivateKey);
- assertThat(createdCsrMeta.getKeyPair().getPublic()).isEqualTo(mockPublicKey);
- assertThat(createdCsrMeta.getX500Name()).isEqualTo(TEST_SUBJECT_DATA);
- assertThat(createdCsrMeta.getIssuerX500Name()).isEqualTo(TEST_SUBJECT_DATA);
- }
-
- private Cmpv2Server createTestServer() {
- Cmpv2Server testServer = new Cmpv2Server();
- testServer.setCaName(TEST_CA);
- testServer.setIssuerDN(TEST_SUBJECT_DATA);
- testServer.setUrl("http://test.ca.server");
- Authentication testAuthentication = new Authentication();
- testAuthentication.setIak("testIak");
- testAuthentication.setRv("testRv");
- testServer.setAuthentication(testAuthentication);
- testServer.setCaMode(CaMode.RA);
-
- return testServer;
- }
-
-}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
index 3f5a2540..bea6b6a1 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
@@ -30,7 +30,6 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
-import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
@@ -42,7 +41,7 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.ParseException;
import java.text.SimpleDateFormat;
-import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
import java.util.List;
@@ -50,15 +49,18 @@ import org.apache.commons.io.IOUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.impl.client.CloseableHttpClient;
-import org.bouncycastle.cert.CertException;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
+import org.onap.aaf.certservice.certification.configuration.model.Authentication;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
-import org.onap.aaf.certservice.cmpv2client.external.Rdn;
import org.onap.aaf.certservice.cmpv2client.impl.CmpClientImpl;
class Cmpv2ClientTest {
@@ -67,12 +69,11 @@ class Cmpv2ClientTest {
Security.addProvider(new BouncyCastleProvider());
}
- private CsrMeta csrMeta;
+ private CsrModel csrModel;
+ private Cmpv2Server server;
private Date notBefore;
private Date notAfter;
-
- @Mock
- KeyPairGenerator kpg;
+ private X500Name dn;
@Mock
X509Certificate cert;
@@ -87,22 +88,15 @@ class Cmpv2ClientTest {
HttpEntity httpEntity;
private static KeyPair keyPair;
- private static ArrayList<Rdn> rdns;
@BeforeEach
void setUp()
throws NoSuchProviderException, NoSuchAlgorithmException, IOException,
InvalidKeySpecException {
- KeyPairGenerator keyGenerator;
- keyGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
- keyGenerator.initialize(2048);
keyPair = loadKeyPair();
- rdns = new ArrayList<>();
- try {
- rdns.add(new Rdn("O=CommonCompany"));
- } catch (CertException e) {
- e.printStackTrace();
- }
+ dn = new X500NameBuilder()
+ .addRDN(BCStyle.O, "TestOrganization")
+ .build();
initMocks(this);
}
@@ -133,15 +127,10 @@ class Cmpv2ClientTest {
// given
Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00");
Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00");
- setCsrMetaValuesAndDateValues(
- rdns,
- "CN=CommonName",
- "CN=ManagementCA",
- "CommonName.com",
- "CommonName@cn.com",
+ setCsrModelAndServerValues(
"mypassword",
- "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"senderKID",
+ "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
beforeDate,
afterDate);
when(httpClient.execute(any())).thenReturn(httpResponse);
@@ -164,7 +153,7 @@ class Cmpv2ClientTest {
CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient));
// when
List<List<X509Certificate>> cmpClientResult =
- cmpClient.createCertificate("data", "RA", csrMeta, cert, notBefore, notAfter);
+ cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter);
// then
assertNotNull(cmpClientResult);
}
@@ -176,15 +165,10 @@ class Cmpv2ClientTest {
// given
Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00");
Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00");
- setCsrMetaValuesAndDateValues(
- rdns,
- "CN=CommonName",
- "CN=ManagementCA",
- "CommonName.com",
- "CommonName@cn.com",
+ setCsrModelAndServerValues(
"password",
- "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"senderKID",
+ "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
beforeDate,
afterDate);
when(httpClient.execute(any())).thenReturn(httpResponse);
@@ -208,7 +192,7 @@ class Cmpv2ClientTest {
// then
Assertions.assertThrows(
CmpClientException.class,
- () -> cmpClient.createCertificate("data", "RA", csrMeta, cert, notBefore, notAfter));
+ () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
}
@Test
@@ -217,15 +201,10 @@ class Cmpv2ClientTest {
// given
Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00");
Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00");
- setCsrMetaValuesAndDateValues(
- rdns,
- "CN=CommonName",
- "CN=ManagementCA",
- "CommonName.com",
- "CommonName@cn.com",
+ setCsrModelAndServerValues(
"password",
- "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"senderKID",
+ "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
beforeDate,
afterDate);
when(httpClient.execute(any())).thenReturn(httpResponse);
@@ -250,7 +229,7 @@ class Cmpv2ClientTest {
// then
Assertions.assertThrows(
CmpClientException.class,
- () -> cmpClient.createCertificate("data", "RA", csrMeta, cert, notBefore, notAfter));
+ () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
}
@Test
@@ -259,22 +238,17 @@ class Cmpv2ClientTest {
// given
Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00");
Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00");
- setCsrMetaValuesAndDateValues(
- rdns,
- "CN=CommonName",
- "CN=ManagementCA",
- "CommonName.com",
- "CommonName@cn.com",
+ setCsrModelAndServerValues(
"password",
- "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"senderKID",
+ "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
beforeDate,
afterDate);
CmpClientImpl cmpClient = new CmpClientImpl(httpClient);
// then
Assertions.assertThrows(
IllegalArgumentException.class,
- () -> cmpClient.createCertificate("data", "RA", csrMeta, cert, notBefore, notAfter));
+ () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
}
@Test
@@ -283,15 +257,10 @@ class Cmpv2ClientTest {
// given
Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00");
Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00");
- setCsrMetaValuesAndDateValues(
- rdns,
- "CN=Common",
- "CN=CommonCA",
- "Common.com",
- "Common@cn.com",
+ setCsrModelAndServerValues(
"myPassword",
- "http://127.0.0.1/ejbca/publicweb/cmp/cmpTest",
"sender",
+ "http://127.0.0.1/ejbca/publicweb/cmp/cmpTest",
beforeDate,
afterDate);
when(httpClient.execute(any())).thenThrow(IOException.class);
@@ -299,30 +268,19 @@ class Cmpv2ClientTest {
// then
Assertions.assertThrows(
CmpClientException.class,
- () -> cmpClient.createCertificate("data", "RA", csrMeta, cert, notBefore, notAfter));
+ () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
}
- private void setCsrMetaValuesAndDateValues(
- List<Rdn> rdns,
- String cn,
- String issuerCn,
- String san,
- String email,
- String password,
- String externalCaUrl,
- String senderKid,
- Date notBefore,
- Date notAfter) {
- csrMeta = new CsrMeta(rdns);
- csrMeta.setCn(cn);
- csrMeta.addSan(san);
- csrMeta.setPassword(password);
- csrMeta.setEmail(email);
- csrMeta.setIssuerCn(issuerCn);
- when(kpg.generateKeyPair()).thenReturn(keyPair);
- csrMeta.getKeyPairOrGenerateIfNull();
- csrMeta.setCaUrl(externalCaUrl);
- csrMeta.setSenderKid(senderKid);
+ private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {
+ csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), Collections.emptyList());
+
+ Authentication authentication = new Authentication();
+ authentication.setIak(iak);
+ authentication.setRv(rv);
+ server = new Cmpv2Server();
+ server.setAuthentication(authentication);
+ server.setUrl(externalCaUrl);
+ server.setIssuerDN(dn);
this.notBefore = notBefore;
this.notAfter = notAfter;
}